Systems and methods for protecting backed-up data from ransomware attacks
Granted: July 24, 2018
Patent Number:
10032033
The disclosed computer-implemented method for protecting backed-up data from ransomware attacks may include (1) determining that a backup system periodically backs up at least one file stored at a computing device to a remote storage system by storing a copy of the file at the remote storage system, (2) identifying one or more characteristics of the file backed up by the backup system, (3) storing a tripwire file with the one or more characteristics at the computing device, (4)…
Systems and methods for selectively applying malware signatures
Granted: July 24, 2018
Patent Number:
10032023
A computer-implemented method for selectively applying malware signatures may include (1) receiving a time-sensitive malware signature at a receiving time to apply to a computing environment, (2) identifying a first target object observed within the computing environment at a first observation time, (3) deactivating the time-sensitive malware signature with respect to the first target object based on a difference between the receiving time and the first observation time, (4) observing a…
Practical and dynamic approach to enterprise hardening
Granted: July 17, 2018
Patent Number:
10025937
Techniques are disclosed for dynamically managing hardening policies in a client computer (e.g., of an enterprise network). A hardening management application monitors activity on the client computer that is associated with a first hardening policy. The monitored activity is evaluated based on one or more metrics. Upon determining that at least one of the metrics is outside of a tolerance specified in the first hardening policy, the client computer is associated with a second hardening…
Detecting application leaks
Granted: July 10, 2018
Patent Number:
10019582
A method for detecting application leaks is described. In one embodiment, the method may include the method may include identifying a first application as a known application, assigning a first identifier to the first application, appending the first identifier to data generated by the first application, identifying a second application as an unknown application, assigning a second identifier to the second application, identifying a data usage by the second application, appending the…
Systems and methods for locating unrecognized computing devices
Granted: July 3, 2018
Patent Number:
10015768
The disclosed computer-implemented method for locating unrecognized computing devices may include (1) identifying a plurality of cooperating computing devices on a wireless network that are each configured with a device location application, (2) determining a physical location for each cooperating computing device within the plurality of cooperating computing devices, (3) receiving, from the device location application on the plurality of cooperating computing devices, data about packets…
Live migration of massive numbers of network connections, including long lived connections
Granted: July 3, 2018
Patent Number:
10015266
A massive number of long lived connections is migrated between a source and a destination computer. Connection state information concerning each request being processed on each connection is transferred from the source to the destination computer. The source continues to respond to requests on a given connection while transferring corresponding state information. Once state information for a specific connection has been transferred, the connection is switched from the source to the…
Systems and methods for protecting computing resources
Granted: July 3, 2018
Patent Number:
10015182
The disclosed computer-implemented method for protecting computing resources may include (i) computing a degree of commonality between pairs of users within a file sharing system based on which files the users accessed over a period of time, (ii) building a social graph that indicates at least one edge between members of an instance of the pairs of users, (iii) computing an anomaly score for a user within the instance of the pairs of users, (iv) detecting that the anomaly score deviates,…
Systems and methods for location-aware access to cloud data stores
Granted: July 3, 2018
Patent Number:
10015173
The disclosed computer-implemented method for location-aware access to cloud data stores may include (1) obtaining a location policy that governs access to a cloud data store, the location policy specifying one or more location rules to be satisfied in order to access files in the cloud data store, (2) receiving a request, from a client system, to access one or more files in the cloud data store, (3) verifying that the request satisfies the location rule and therefore complies with the…
Detecting URL scheme hijacking
Granted: June 26, 2018
Patent Number:
10009374
A computer-implemented method for detecting malware is described. In some embodiments, the method includes identifying an application identifier of a first application paired with a universal resource locator (URL) scheme, and storing the identified pairing of the application identifier and URL scheme of the first application in a database. In some cases, the database stores URL scheme pairings of a plurality of applications. In some embodiments, the method includes identifying an…
Synchronization of transactions utilizing multiple distributed cloud-based services
Granted: June 26, 2018
Patent Number:
10009425
A SPOC server receives a request to initiate a transaction utilizing multiple separate distributed cloud based services located on separate datacenters, from an endpoint. The SPOC server generates a transaction identifier for the transaction. The SPOC server transmits the generated transaction identifier to the endpoint. Receipt of the generated transaction identifier directs the endpoint to call each one of the separate services, with the transaction identifier. Over time, the SPOC…
Method or mechanism for detecting network intrusion with gateway IP geolocation
Granted: June 26, 2018
Patent Number:
10009316
A method for detecting network intrusion, performed by a processor is provided. The method includes coupling a computing or communication device to a network device and determining a geolocation of the network device. The method includes comparing the geolocation of the network device to an expected value and determining whether to connect to a network based on the comparing. A computer readable media containing instructions and a device are also provided.
System and method of traffic inspection and stateful connection forwarding among geographically dispersed network appliances organized as clusters
Granted: June 26, 2018
Patent Number:
10009230
A peering relationship among two or more network appliances is established through an exchange of control messages among the network appliances. The peering relationship defines a cluster of peered network appliances, and at each network appliance of the cluster traffic flow state information for all the network appliances of the cluster is maintained. Network traffic associated with traffic flows of the network appliances of the cluster is managed according to the state information for…
Systems and methods for detecting malware
Granted: June 26, 2018
Patent Number:
10007786
A computer-implemented method for detecting malware may include (1) identifying a behavioral trace of a program, the behavioral trace including a sequence of runtime behaviors exhibited by the program, (2) dividing the behavioral trace to identify a plurality of n-grams within the behavioral trace, each runtime behavior within the sequence of runtime behaviors corresponding to an n-gram token, (3) analyzing the plurality of n-grams to generate a feature vector of the behavioral trace,…
Monitoring video game activity by wireless scanning
Granted: June 26, 2018
Patent Number:
10004986
Techniques are disclosed for monitoring and evaluating video game activity by scanning for communications between a gaming console and peripherals that wirelessly communicate with the gaming console. An activity tracker receives wireless communications sent between the gaming console and a peripheral. The activity tracker generates one or more usage metrics describing the wireless communications. The activity tracker evaluates the network data based on or more specified rules. Upon…
Systems and methods for detecting security threats
Granted: June 19, 2018
Patent Number:
10003606
The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different…
Flexible database schema
Granted: June 19, 2018
Patent Number:
10002171
Various systems and methods can provide a flexible database schema. One method can store information identifying a first entity in a first table. A unified data model includes several tables, including the first table and a metadata table. Each of the tables stores information describing one or more entities belonging to a respective archetype. The first table already stores information identifying a second entity when the information identifying the first entity is stored. The second…
Systems and methods for predicting security threats
Granted: June 12, 2018
Patent Number:
9998480
A computer-implemented method for predicting security threats may include (1) predicting that a candidate security target is an actual target of a specific security attack according to a non-collaborative-filtering calculation, (2) predicting that the candidate security target is an actual target of a set of multiple specific security attacks, including the specific security attack, according to a collaborative filtering calculation, (3) filtering, based on the specific security attack…
Systems and methods for detecting character encodings of text streams
Granted: June 5, 2018
Patent Number:
9990339
A computer-implemented method for detecting character encodings of text streams may include 1) identifying a request to identify a character encoding of a text stream, 2) dividing the text stream to identify a plurality of n-grams within the text stream, 3) identifying a plurality of vectors within a vector space, each vector representing a potential character encoding by a plurality of expected n-grams within the potential character encoding, 4) generating, based on the plurality of…
Systems and methods for improving the classification accuracy of trustworthiness classifiers
Granted: June 5, 2018
Patent Number:
9992211
The disclosed computer-implemented method for improving the classification accuracy of trustworthiness classifiers may include (1) identifying a set of training data that is available for training trustworthiness classifiers used to classify computing resources as clean or malicious, (2) selecting, based at least in part on a characteristic of a specific organization, a subset of training data from the set of training data that is available for training trustworthiness classifiers, (3)…
Using encrypted backup to protect files from encryption attacks
Granted: June 5, 2018
Patent Number:
9990511
The present disclosure relates to protecting files from attacks by malicious encryption programs. According to one embodiment, an endpoint system detects access to a file by an application and creates a copy of the file in temporary storage. The endpoint system determines whether the application has encrypted the file, and upon determining that the application has encrypted the file, the endpoint system creates an encrypted backup copy of the file using the copy in temporary storage and…
